You may remember Mozilla's initiative from 2014 to remove those root CAs from the CA trust store that use RSA keys of a weaker 1024-bit size. The topic has been previously discussed on this list [1].
Because of past limitations with both OpenSSL [2] and GnuTLS, and to ensure their compatibility with most security SSL/TLS sites until their limitations could be removed, we had decided to delay the removal of the root CA trust from Fedora. We called that legacy trust, the legacy trust was set to enabled as the default configuration, and we had introduced the ca-legacy utility [3] to allow an administrator to configure their preference between a "default" setting (higher compatibility) and "disable" (less compatibility, strictly following Mozilla's decisions), and we documented our changes over time to Mozilla's list [4]. Mozilla upstream has completed the removal of SSL/TLS trust for all such root CAs, the last removal had happened in late 2015. (... although some of the root CAs are still trusted for email security certificates, this is why the legacy tool doesn't simply add or remove CAs, but it switches between two different sets of trust flags.) As a result, operators of web sites had time to learn about broken sites, and it's likely that most sites have been fixed. Therefore it's time to follow up. In the meantime, both GnuTLS and OpenSSL have been fixed, and the versions we ship in stable Fedora can handle the problematic scenarios correctly. I'm not aware of SSL/TLS sites that are trusted in a fresh Firefox profile, but which aren't trusted by openssl s_client or gnutls-cli when the system is configured with ca-legacy disable. (Thanks a lot to Hubert Kario for performing web scans of a large set of major web sites, that provided helpful data.) Therefore I suggest that we attempt to remove all legacy trust flags in an update to the ca-certificates.rpm package very soon. (More specifically, I suggest that the legacy list is changed to be empty, with the result that both legacy configurations "default" and "disable" will have the identical state.) An update to the ca-certificates set version 2016.2.9 (as of NSS 3.26) is currently pending (which adds trust for the ISRG / Let's Encrypt root CA). I'd like to push that one to stable updates first. Immediately afterwards, I'd like to submit a follow-up release, that removes the legacy trust flags, and push that to testing on all currently maintained Fedora branches. I'd like to disable auto-karma for the legacy CA removal, and allow a few weeks to wait for feedback. Unless we find good reasons not to do it, I suggest to push the legacy removals to stable around 2016-09-21. Please let me know if you any questions or concerns. Kai [1] https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/OCQ5LTMJFT4A366TBSPXWWROV7WCJV5J/ [2] https://rt.openssl.org/Ticket/Display.html?id=3621#txn-49999 [3] https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/4NZLWGVXCGUROHT535R7PTRQJKHILSWW/ [4] https://fedoraproject.org/wiki/CA-Certificates [5] https://bugzilla.mozilla.org/show_bug.cgi?id=1156844 -- devel mailing list devel@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
